Login   |   Secure Purdue > News

Firefox, Thunderbird, and Seamonkey Vulns

New as of today (April 22nd, 09) there are a fresh batch of vulnerabilities that have been discovered in Mozilla products Firefox, Thunderbird, and Seamonkey. Firefox has, fortunately been patched already and the fix can be pulled down via auto update (we've noticed that when the Mozilla update servers are getting hit pretty hard, they'll throw an XML error when a user tries to use the auto update feature. This can be circumvented by simply downloading the latest version of Firefox from the Mozilla home page).

Thunderbird and Seamonkey, however, are both currently unpatched.

The vulnerabilities in all of these applications allow for the "potential execution of arbitrary code" among other types of security and restriction bypass attacks. More detailed information on these vulnerabilities can be found at Secunia.org:

Firefox article: secunia.com/advisories/34758/

Thunderbird article: secunia.com/advisories/34780/

Seamonkey articke: secunia.com/advisories/34835/

Posted by Brett Davis on April 22, 2009, in Handlers Log.